Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

flyingincognito.com browser..I'm an idot

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

flyingincognito.com browser..I'm an idot

Unread postby raecampus » January 18th, 2011, 12:54 pm

Have read forum requirements, removed P2P programs, never again gents!
Thank you for your consideration and help! Thank you in advance
Please find the hijack log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:52:23 AM, on 1/18/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\easy gadget\easy gadget.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\AstSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Owner\My Documents\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by MSN & Bing
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX600] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2M1.EXE /P24 "EPSON Stylus Photo RX600" /O6 "USB001" /M "Stylus Photo RX600"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: easy gadget.lnk = C:\Program Files\easy gadget\easy gadget.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9602116875
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AST Service (astcc) - Advanced Software Technologies - C:\WINDOWS\system32\AstSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\615\g2aservice.exe
O23 - Service: GoToMyPC - Unknown owner - C:\Program Files\Citrix\GoToMyPC\g2svc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10566 bytes
raecampus
Active Member
 
Posts: 9
Joined: January 18th, 2011, 12:05 pm
Advertisement
Register to Remove

Re: flyingincognito.com browser..I'm an idot

Unread postby Bob4 » January 18th, 2011, 4:53 pm

Welcome to the Forums.

The fixes we will use are specific to your problems and should only be used for this issue on this machine.

Please only use this topic to reply to. Do not start another thread.
The process is not instant.
Please continue to review my answers until I tell you your machine is clear.
Absence of symptoms does not mean that everything is clear.
So lets do this to the end!



  • Save and quit any work your doing before beginning the fix.
  • Follow the steps I describe in the order I asked if at all possible,
  • All hijackthis logs I ask for should be done in normal mode ( not safe mode)
  • These logs should be done last after you have followed my instructions in the previous post.
  • DO NOT install new programs while we are fixing this machine.
  • Be sure to use the subscribe button to receive notification by Email that you have been replied to.
    If I do not hear from you in 3 days from my last post this topic will be closed. You will need to start another.


Please if you decide to seek help at another forum let us know. There is a shortage of helpers and tying 2 of us up is a waste of time.
If you have any questions about any advice given here please STOP and ask!



______________________________
Open HJT

this time click on
Misc tools section

then:
Open uninstall Manager
click on save list.
Post that for me.


_________________________
In your next reply I would like to see:
    • The report from Uninstall list.
User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida

Re: Report from uninstall list

Unread postby raecampus » January 18th, 2011, 5:33 pm

ABBYY FineReader 5.0 Sprint Plus
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop Elements 3.0
Adobe Reader 9
Adobe Shockwave Player
AnyDVD
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Software Suite
ArcSoft WebCam Companion 2
avast! Free Antivirus
AviSynth 2.5
BCL easyConverter Desktop 1.0
BCL easyPDF Printer Driver 5.1
Bonjour
Broadcom 440x 10/100 Integrated Controller
CCleaner (remove only)
Compatibility Pack for the 2007 Office system
ConvertXtoDVD 3.3.2.100
ConvertXtoDVD 4.1.9.347
Critical Update for Windows Media Player 11 (KB959772)
Dell Printer Software Uninstall
Dell ResourceCD
Download Updater (AOL LLC)
EarthLink MailBox
easy gadget
easy gadget
EPSON CardMonitor
EPSON Copy Utility
EPSON Photo Print
EPSON PhotoStarter3.2
EPSON Printer Software
EPSON Scan
EPSON Scan
EPSON Smart Panel
ffdshow
FileZilla Client 3.2.4.1
GoldWave v5.55
GoToAssist Corporate
HoldAcrobat.com
HoldAIM Toolbar
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
ImgBurn
Intel(R) Extreme Graphics 2 Driver
iTunes
Java(TM) 6 Update 13
Java(TM) 6 Update 7
Macromedia Dreamweaver 8
Macromedia Extension Manager
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework Client Profile - PREVIEW
Microsoft Antimalware
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Professional
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Small Business Edition 2003
Microsoft Security Essentials
Microsoft Security Essentials
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works 6-9 Converter
Mozilla Firefox (3.6.6)
MSXML 4.0 SP2 (KB973688)
My.Freeze.com NetAssistant
PHP Generator for MySQL 7.10
PowerDVD 5.5
QuickTime
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
ScanToWeb
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Smart Installer
Sonic Activation Module
SoundMAX
Spyware Doctor 6.0
Universal Document Converter (Demo)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Viewpoint Media Player
Visual C++ 8.0 ATL (x86) WinSXS MSM
Visual C++ 8.0 CRT (x86) WinSXS MSM
WinAVI Video Converter
Windows Internet Explorer 8
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows XP Service Pack 3
WinRAR archiver
raecampus
Active Member
 
Posts: 9
Joined: January 18th, 2011, 12:05 pm

Re: flyingincognito.com browser..I'm an idot

Unread postby Bob4 » January 18th, 2011, 6:08 pm

___________________________________________
Uninstall Programs
Start/control panel/add remove programs ;
And Uninstall

Java(TM) 6 Update 13
Java(TM) 6 Update 7


____________________________________
Update Java Runtime

You are using an old and vunerable version of Java. The lateset is Java Runtime Environment (Java SE 6 Update 23).
  • Go to Java Site
  • Click to Download JDK 6 Update 23(JDK or JRE)
  • In Platform box choose Windows.
  • Check the box to Accept License Agreement and click Continue.
  • Click on Windows Offline Installation, click on the link under it which says "jre-6u18-windows-i586.exe" and save the downloaded file to your desktop.
  • Go to Start => Control Panel => Add or Remove Programs
  • Uninstall all old versions of Java (Java 3 Runtime Environment, JRE or JSE)
  • Install the new version by running the newly-downloaded file with the java icon which will be at your desktop, and follow the on-screen instructions.
  • Reboot your computer




_________________________________________
Download and Run Temp File Cleaner (TFC.exe)
Download Temp File Cleaner and save it to your desktop.
Double click to run it. (Right click and choose Run as Administrator in Vista or Win7)
If you have a lot of junk files to remove, it could take a while, so please be patient and let it finish.
When it's done, if it asks to Reboot, choose to do so. This will remove files that could not be removed while Windows was running.
After Restart, log back in to your usual account.


_____________________________________________
TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  1. Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista - W7 users: Right-click and select "Run As Administrator".
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com).
    If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure Cure (default) is selected... then click Continue > Reboot now to finish the cleaning process.
    • If Cure is not offered as an option, choose Skip.
  5. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory. (usually Local Disk C:).
  6. Copy and paste the contents of that file in your next reply.
If, for some reason,you can't locate the text file to paste into your reply, just tell me, but DO NOT run the program a second time.




_____________________________________________
RSIT
  • Download Random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)


This log will also produce a Hijackthis log so NO reason to post one of those.

_________________________
In your next reply I would like to see:

  • The report from RSIT
  • The report from TDSS KIller
User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida

Re: The Report from RSIT ~ TDSSKILLER CLEAN

Unread postby raecampus » January 19th, 2011, 11:27 am

I hope this is the right file and not HJ

Logfile of random's system information tool 1.08 (written by random/random)
Run by Owner at 2011-01-19 10:13:07
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 126 GB (53%) free of 238 GB
Total RAM: 1022 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:14:05 AM, on 1/19/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\easy gadget\easy gadget.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\AstSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Program Files\trend micro\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by MSN & Bing
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX600] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2M1.EXE /P24 "EPSON Stylus Photo RX600" /O6 "USB001" /M "Stylus Photo RX600"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: easy gadget.lnk = C:\Program Files\easy gadget\easy gadget.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9602116875
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AST Service (astcc) - Advanced Software Technologies - C:\WINDOWS\system32\AstSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\615\g2aservice.exe
O23 - Service: GoToMyPC - Unknown owner - C:\Program Files\Citrix\GoToMyPC\g2svc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10779 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\ParetoLogic Registration.job
C:\WINDOWS\tasks\ParetoLogic Update Version2.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files\ConduitEngine\ConduitEngine.dll [2010-10-18 3908192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b0cda128-b425-4eef-a174-61a11ac5dbf8}]
AIM Toolbar Loader - C:\Program Files\AIM Toolbar\aimtb.dll [2008-10-07 1275176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-01-18 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-01-18 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{61539ecd-cc67-4437-a03c-9aaccbd14326} - AIM Toolbar - C:\Program Files\AIM Toolbar\aimtb.dll [2008-10-07 1275176]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2004-09-30 155648]
"EPSON Stylus Photo RX600"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2M1.EXE [2003-09-09 99840]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2006-10-03 221184]
"PAC7302_Monitor"=C:\WINDOWS\PixArt\PAC7302\Monitor.exe [2006-11-03 319488]
"ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2007-07-03 64000]
"RoxWatchTray"=C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2006-11-05 221184]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2004-09-30 126976]
"DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2005-02-23 53248]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"MSSE"=c:\Program Files\Microsoft Security Essentials\msseces.exe [2010-09-15 1094224]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-11-29 421888]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-11-17 421160]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2010-09-07 2838912]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-09-11 86960]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe /background []
"AnyDVD"=C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe [2010-12-17 4763256]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

C:\Documents and Settings\Owner\Start Menu\Programs\Startup
easy gadget.lnk - C:\Program Files\easy gadget\easy gadget.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll [2010-04-20 13672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToMyPC]
C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-09-30 344064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"=C:\Program Files\Qualcomm\Eudora\EuShlExt.dll []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\GoToAssist]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:EarthLink TotalAccess"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE"="C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE:*:Enabled:SAgent4"
"C:\Documents and Settings\Owner\Desktop\WinSCP\WinSCP.exe"="C:\Documents and Settings\Owner\Desktop\WinSCP\WinSCP.exe:*:Enabled:Windows SFTP, FTP and SCP client"
"C:\Documents and Settings\Owner\Desktop\WinSCP.exe"="C:\Documents and Settings\Owner\Desktop\WinSCP.exe:*:Enabled:Windows SFTP, FTP and SCP client"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe"="C:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe:*:Enabled:Dreamweaver 8"
"C:\Program Files\Vuze\Azureus.exe"="C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Documents and Settings\Owner\My Documents\Downloads\utorrent.exe"="C:\Documents and Settings\Owner\My Documents\Downloads\utorrent.exe:*:Enabled:µTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======File associations======

.js - edit - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1"

======List of files/folders created in the last 2 months======

2011-01-19 10:13:08 ----D---- C:\Program Files\trend micro
2011-01-19 10:13:07 ----D---- C:\rsit
2011-01-19 10:09:07 ----A---- C:\TDSSKiller.2.4.14.0_19.01.2011_10.09.07_log.txt
2011-01-18 18:28:48 ----D---- C:\Documents and Settings\All Users\Application Data\Sun
2011-01-18 18:28:46 ----D---- C:\Program Files\Common Files\Java
2011-01-18 18:27:39 ----A---- C:\WINDOWS\system32\javaws.exe
2011-01-18 18:27:39 ----A---- C:\WINDOWS\system32\javaw.exe
2011-01-18 18:27:39 ----A---- C:\WINDOWS\system32\deployJava1.dll
2011-01-18 18:27:38 ----A---- C:\WINDOWS\system32\java.exe
2011-01-18 11:20:40 ----HDC---- C:\WINDOWS\$NtUninstallKB2419632$
2011-01-17 13:21:25 ----D---- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2011-01-17 13:21:14 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011-01-17 13:21:13 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2011-01-17 13:21:08 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-01-17 13:21:08 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2011-01-03 12:17:08 ----D---- C:\Documents and Settings\Owner\Application Data\PriceGong
2011-01-02 20:56:50 ----A---- C:\WINDOWS\system32\wvc1dmod.dll
2010-12-25 18:27:04 ----D---- C:\WINDOWS\system32\windowspowershell
2010-12-25 18:26:53 ----HDC---- C:\WINDOWS\$NtUninstallKB926139-v2$
2010-12-19 09:25:57 ----D---- C:\Documents and Settings\Owner\Application Data\uTorrent
2010-12-17 23:26:47 ----HDC---- C:\WINDOWS\$NtUninstallKB2296199$
2010-12-17 23:26:35 ----HDC---- C:\WINDOWS\$NtUninstallKB2443105$
2010-12-17 23:25:14 ----HDC---- C:\WINDOWS\$NtUninstallKB2436673$
2010-12-16 17:57:57 ----A---- C:\WINDOWS\system32\drivers\ElbyCDIO.sys
2010-12-16 03:04:06 ----HDC---- C:\WINDOWS\$NtUninstallKB2440591$
2010-12-16 03:03:51 ----HDC---- C:\WINDOWS\$NtUninstallKB2443685$
2010-12-16 03:01:33 ----HDC---- C:\WINDOWS\$NtUninstallKB2423089$
2010-12-15 09:39:44 ----HDC---- C:\WINDOWS\$NtUninstallKB2467659$
2010-12-15 09:36:15 ----D---- C:\WINDOWS\ie8updates
2010-12-15 09:31:36 ----HDC---- C:\WINDOWS\ie8
2010-12-12 01:15:28 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2010-12-12 01:15:27 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys
2010-12-12 01:15:26 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
2010-12-12 01:15:24 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2010-12-12 01:15:22 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys
2010-12-12 01:15:22 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys
2010-12-12 01:15:21 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys
2010-12-12 01:15:02 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-12-12 01:14:48 ----D---- C:\Program Files\Alwil Software
2010-12-12 01:14:48 ----D---- C:\Documents and Settings\All Users\Application Data\Alwil Software
2010-12-11 14:39:21 ----A---- C:\WINDOWS\ntbtlog.txt
2010-12-11 13:29:41 ----D---- C:\Documents and Settings\All Users\Application Data\mEbNb06302
2010-12-11 11:59:35 ----D---- C:\Program Files\iPod
2010-12-11 11:59:13 ----D---- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-12-11 11:49:24 ----D---- C:\Program Files\Bonjour
2010-12-11 11:43:20 ----D---- C:\Program Files\QuickTime
2010-12-01 14:06:29 ----A---- C:\WINDOWS\system32\drivers\AnyDVD.sys
2010-11-25 13:29:05 ----A---- C:\WINDOWS\system32\ElbyCDIO.dll

======List of files/folders modified in the last 2 months======

2011-01-19 10:14:05 ----D---- C:\WINDOWS\Prefetch
2011-01-19 10:13:08 ----RD---- C:\Program Files
2011-01-19 10:11:02 ----D---- C:\WINDOWS\Temp
2011-01-19 10:09:08 ----D---- C:\WINDOWS\system32\drivers
2011-01-19 10:00:58 ----SD---- C:\WINDOWS\Tasks
2011-01-19 09:56:30 ----D---- C:\WINDOWS\system32\CatRoot2
2011-01-19 09:54:33 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-01-19 09:53:50 ----D---- C:\WINDOWS\system32
2011-01-19 09:53:50 ----AD---- C:\WINDOWS
2011-01-18 18:28:48 ----SHD---- C:\WINDOWS\Installer
2011-01-18 18:28:48 ----SHD---- C:\Config.Msi
2011-01-18 18:28:46 ----D---- C:\Program Files\Common Files
2011-01-18 18:25:28 ----D---- C:\Program Files\Java
2011-01-18 11:20:51 ----HD---- C:\WINDOWS\inf
2011-01-18 11:20:46 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-01-18 10:46:17 ----HDC---- C:\WINDOWS\$NtUninstallKB2160329$
2011-01-18 08:12:26 ----RSD---- C:\WINDOWS\Fonts
2011-01-17 12:03:02 ----D---- C:\Documents and Settings\Owner\Application Data\FileZilla
2011-01-17 10:17:49 ----A---- C:\WINDOWS\win.ini
2011-01-14 11:55:23 ----A---- C:\WINDOWS\HandySnap.INI
2011-01-12 03:00:22 ----A---- C:\WINDOWS\system32\MRT.exe
2011-01-12 01:31:15 ----HD---- C:\WINDOWS\$hf_mig$
2011-01-09 15:31:38 ----D---- C:\Documents and Settings\Owner\Application Data\Vso
2011-01-02 20:20:13 ----D---- C:\WINDOWS\Minidump
2010-12-26 10:50:28 ----A---- C:\WINDOWS\imsins.BAK
2010-12-26 10:49:52 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-12-26 10:49:48 ----D---- C:\WINDOWS\addins
2010-12-26 09:32:39 ----D---- C:\Program Files\Citrix
2010-12-25 23:24:20 ----D---- C:\Program Files\Vuze
2010-12-25 23:23:21 ----D---- C:\Program Files\Registry Mechanic
2010-12-25 23:22:54 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-12-25 18:32:26 ----RSD---- C:\WINDOWS\assembly
2010-12-25 18:31:51 ----D---- C:\WINDOWS\Microsoft.NET
2010-12-25 18:28:00 ----D---- C:\WINDOWS\AppPatch
2010-12-25 18:27:47 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-12-25 18:27:20 ----D---- C:\WINDOWS\system32\config
2010-12-19 09:19:23 ----D---- C:\Documents and Settings\Owner\Application Data\Azureus
2010-12-18 08:26:20 ----D---- C:\Program Files\Microsoft Silverlight
2010-12-16 03:01:36 ----D---- C:\Program Files\Outlook Express
2010-12-15 09:56:38 ----D---- C:\Documents and Settings\Owner\Application Data\Ucfiq
2010-12-15 09:55:30 ----D---- C:\WINDOWS\system32\en-US
2010-12-15 09:55:30 ----D---- C:\WINDOWS\Media
2010-12-15 09:55:29 ----D---- C:\WINDOWS\Help
2010-12-15 09:55:29 ----D---- C:\Program Files\Internet Explorer
2010-12-15 09:24:42 ----D---- C:\Documents and Settings\Owner\Application Data\Igpel
2010-12-12 07:48:27 ----D---- C:\Documents and Settings\Owner\Application Data\Piyson
2010-12-12 01:46:30 ----D---- C:\Documents and Settings\Owner\Application Data\Afkor
2010-12-12 01:46:28 ----D---- C:\Documents and Settings\Owner\Application Data\Cayron
2010-12-12 01:15:15 ----D---- C:\WINDOWS\WinSxS
2010-12-11 14:42:15 ----D---- C:\Documents and Settings
2010-12-11 12:18:27 ----D---- C:\Documents and Settings\Owner\Application Data\Apple Computer
2010-12-11 12:06:37 ----D---- C:\Documents and Settings\Owner\Application Data\Kicoin
2010-12-11 12:00:48 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-12-11 12:00:46 ----D---- C:\Program Files\iTunes
2010-12-11 11:59:32 ----D---- C:\Program Files\Common Files\Apple

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 DRVMCDB;DRVMCDB; C:\WINDOWS\System32\Drivers\DRVMCDB.SYS [2006-07-21 99176]
R0 PCTCore;PCTools KDS; C:\WINDOWS\system32\drivers\PCTCore.sys [2009-09-01 206256]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2008-09-19 43528]
R0 TfFsMon;TfFsMon; C:\WINDOWS\system32\drivers\TfFsMon.sys [2009-04-19 51488]
R0 TfSysMon;TfSysMon; C:\WINDOWS\system32\drivers\TfSysMon.sys [2009-04-19 39200]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-09-07 28880]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-09-07 165584]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-09-07 46672]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2007-02-08 12856]
R1 DLARTL_M;DLARTL_M; C:\WINDOWS\System32\Drivers\DLARTL_M.SYS [2007-02-08 28120]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2010-12-16 31088]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2010-03-25 151216]
R1 OMCI;OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-22 13632]
R1 pctgntdi;pctgntdi; \??\C:\WINDOWS\system32\drivers\pctgntdi.sys []
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-09-07 17744]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-09-07 100176]
R2 DLABMFSM;DLABMFSM; C:\WINDOWS\System32\DLA\DLABMFSM.SYS [2006-10-26 35096]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2006-10-26 32472]
R2 DLADResM;DLADResM; C:\WINDOWS\System32\DLA\DLADResM.SYS [2006-10-26 9400]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2006-10-26 104536]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2006-10-26 26296]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2006-10-26 14520]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2006-10-26 97848]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2006-10-26 94648]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2007-02-09 51768]
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2010-12-01 108104]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-09-07 23376]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2003-09-26 44032]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-09-30 752093]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-12-22 47360]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-01-27 260352]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S0 cercsr6;cercsr6; C:\WINDOWS\system32\drivers\cercsr6.sys [2004-12-13 39904]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 PAC7302;PAC7302 VGA USB Camera; C:\WINDOWS\system32\DRIVERS\PAC7302.SYS [2007-06-14 457856]
S3 pctplsg;pctplsg; \??\C:\WINDOWS\system32\drivers\pctplsg.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 TfNetMon;TfNetMon; \??\C:\WINDOWS\system32\drivers\TfNetMon.sys []
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\WINDOWS\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeActiveFileMonitor;Adobe Active File Monitor; C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-04 98304]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-10-16 37664]
R2 astcc;AST Service; C:\WINDOWS\system32\AstSrv.exe [2008-06-11 53248]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-10-07 345376]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-01-18 153376]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2010-03-25 17904]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect; C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-04 118784]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-11-17 820008]
S2 GoToMyPC;GoToMyPC; C:\Program Files\Citrix\GoToMyPC\g2svc.exe Start=service []
S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2006-11-05 159744]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-30 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 GoToAssist;GoToAssist; C:\Program Files\Citrix\GoToAssist\615\g2aservice.exe [2010-04-20 13160]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2006-11-05 880640]
S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]
S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-08-24 1097096]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-09-14 73728]
S3 TfKbMon;TfKbMon; C:\WINDOWS\System32\Drivers\TfKbMon.sys [2009-04-19 12576]
S3 ThreatFire;ThreatFire; C:\Program Files\Spyware Doctor\TFEngine\TFService.exe [2009-04-19 70944]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


info.txt

info.txt logfile of random's system information tool 1.08 2011-01-19 10:14:11

======Uninstall list======

-->C:\Program Files\InstallShield Installation Information\{9BF745FA-1118-44D2-9362-179DA4B27AC6}\setup.exe -runfromtemp -l0x0009 -removeonly
-->MsiExec.exe /I{5B782FFA-6A95-480D-8E0A-0954A14693D6}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11E83B33-972B-4512-A447-FF0FD0246EE9}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23EFDB58-0874-4883-9810-EDA510B19FAE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BB79C8D-9DCC-4861-8A23-AE1B0B45E2B6}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BFBC62A-3353-443D-93BE-7AC641D9F342}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3C1B8CBC-9118-11D7-86D3-00055DF3561E}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{775FFF70-4A8C-4500-908D-3C34DBEB11D5}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B100B05B-E290-41EF-9366-8BC4C76D7769}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B14F9B26-D695-4C4A-8B11-0FE6CDCC797B}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E213C271-AEFA-481D-A9B4-914D88925B8D}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FAD9402A-1A9B-4ABE-A410-393A3622FA5A}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 5.0 Sprint Plus-->MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop Elements 3.0-->MsiExec.exe /I{851C67EF-068A-4060-9EF5-2E3DDCD68382}
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
AnyDVD-->"C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
Apple Application Support-->MsiExec.exe /I{EE6097DD-05F4-4178-9719-D3170BF098E8}
Apple Mobile Device Support-->MsiExec.exe /I{308B6AEA-DE50-4666-996D-0FA461719D6B}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft Software Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66C8BE35-8BBB-472B-96C7-C7C9A499F988}\Setup.exe" -l0x9
ArcSoft WebCam Companion 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7814358B-1284-4305-AE5A-6667DBDF4771}\Setup.exe" -l0x9
avast! Free Antivirus-->C:\Program Files\Alwil Software\Avast5\aswRunDll.exe "C:\Program Files\Alwil Software\Avast5\Setup\setiface.dll" RunSetup
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
BCL easyConverter Desktop 1.0-->MsiExec.exe /I{CAFE753E-426C-41C9-826B-5396CC377FFC}
BCL easyPDF Printer Driver 5.1-->MsiExec.exe /I{8D7574B1-49D7-41E6-9C2E-6B49A8619E64}
Bonjour-->MsiExec.exe /X{2A981294-F14C-4F0F-9627-D793270922F8}
Broadcom 440x 10/100 Integrated Controller-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{52504CE6-E909-4113-B232-4AFEC6543A61} /l1033
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
ConvertXtoDVD 3.3.2.100-->"C:\Program Files\VSO\ConvertX\3\unins000.exe"
ConvertXtoDVD 4.1.9.347-->"C:\Program Files\VSO\ConvertX\4\unins000.exe"
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Dell Printer Software Uninstall-->C:\Program Files\Dell_HostCD\Install\Uninstall.exe
Dell ResourceCD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
Download Updater (AOL LLC)-->C:\Program Files\Common Files\Software Update Utility\uninstall.exe
EarthLink MailBox-->msiexec.exe /x{CD1CD48D-7B18-4254-B43D-AEAB704AB063}
easy gadget-->msiexec /qb /x {812FF41B-6870-2964-2572-379477CEDA97}
easy gadget-->MsiExec.exe /I{812FF41B-6870-2964-2572-379477CEDA97}
EPSON CardMonitor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{109D28C7-FB38-483A-9C91-001CB59E2699}\Setup.exe" -l0x9 uninst
EPSON Copy Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B69CC1A5-0404-11D6-ABCB-005004C21D30}\setup.exe" -l0x9 ADDREMOVEDLG
EPSON Photo Print-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B53B71D-9E2F-42B8-9123-96354872D166}\setup.exe" -l0x9 MyUninstall
EPSON PhotoStarter3.2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AE704636-ECD0-426C-952E-05B8DABD1949}\Setup.exe" -l0x9 uninst
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
EPSON Scan-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E0131B2-CF18-40D9-A331-60A3746C1204}\Setup.exe" -l0x9 UNINSTALL
EPSON Smart Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C11D561-620B-47DA-A693-4C597F3CDF40}\Setup.exe" -l0x9 Uninstall
ffdshow-->"C:\Program Files\ffdshow\unins000.exe"
FileZilla Client 3.2.4.1-->C:\Program Files\FileZilla FTP Client\uninstall.exe
GoldWave v5.55-->"C:\Program Files\GoldWave\unstall.exe" "GoldWave v5.55" "C:\Program Files\GoldWave\unstall.log"
GoToAssist Corporate-->C:\Program Files\Citrix\GoToAssist\615\G2AUninstaller.exe /uninstall
HoldAcrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
HoldAIM Toolbar-->"C:\Program Files\AIM Toolbar\uninstall.exe"
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB2158563)-->"C:\WINDOWS\$NtUninstallKB2158563$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB2443685)-->"C:\WINDOWS\$NtUninstallKB2443685$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"
ImgBurn-->"C:\Program Files\ImgBurn\uninstall.exe"
Intel(R) Extreme Graphics 2 Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
iTunes-->MsiExec.exe /I{FAE36873-1941-4076-A9A5-48812B5EA0B7}
Java(TM) 6 Update 23-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216023FF}
Macromedia Dreamweaver 8-->MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
Macromedia Extension Manager-->MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft .NET Framework Client Profile - PREVIEW-->C:\AHCache\All Users\Microsoft.Net.Client.3.5\setup.exe /remove "Microsoft.Net.Client.3.5"
Microsoft Antimalware-->MsiExec.exe /X{E62A1F01-07B7-4541-A835-EE5B0BF064C2}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 Professional-->MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}
Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Office Small Business Edition 2003-->MsiExec.exe /I{90CA0409-6000-11D3-8CFE-0150048383C9}
Microsoft Security Essentials-->C:\Program Files\Microsoft Security Essentials\setup.exe /x
Microsoft Security Essentials-->MsiExec.exe /I{EF98A02A-1748-4762-9B7D-5ED1600520D5}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Works 6-9 Converter-->MsiExec.exe /X{172423F9-522A-483A-AD65-03600CE4CA4F}
Mozilla Firefox (3.6.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
My.Freeze.com NetAssistant-->MsiExec.exe /X{BFF829B6-B433-42CE-9A19-E459D3E4E483}
PHP Generator for MySQL 7.10-->"C:\Program Files\SQL Maestro Group\PHP Generator for MySQL\unins000.exe"
PowerDVD 5.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{57752979-A1C9-4C02-856B-FBB27AC4E02C}
Roxio Creator Audio-->MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator Copy-->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data-->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator DE-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Tools-->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Drag-to-Disc-->MsiExec.exe /I{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}
Roxio Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD DE-->MsiExec.exe /I{D639085F-4B6E-4105-9F37-A0DBB023E2FB}
Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
ScanToWeb-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}\setup.exe" ADDREMOVEDLG
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8894F19-59C8-38D2-8A75-36C0CCE56A5B} /qb+ REBOOTPROMPT=""
Security Update for Windows Internet Explorer 7 (KB2183461)-->"C:\WINDOWS\ie7updates\KB2183461-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB2360131)-->"C:\WINDOWS\ie7updates\KB2360131-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB974455)-->"C:\WINDOWS\ie7updates\KB974455-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB976325)-->"C:\WINDOWS\ie7updates\KB976325-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB978207)-->"C:\WINDOWS\ie7updates\KB978207-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB982381)-->"C:\WINDOWS\ie7updates\KB982381-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2360131)-->"C:\WINDOWS\ie8updates\KB2360131-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2416400)-->"C:\WINDOWS\ie8updates\KB2416400-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB982381)-->"C:\WINDOWS\ie8updates\KB982381-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB2378111)-->"C:\WINDOWS\$NtUninstallKB2378111_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB975558)-->"C:\WINDOWS\$NtUninstallKB975558_WM8$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2079403)-->"C:\WINDOWS\$NtUninstallKB2079403$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2115168)-->"C:\WINDOWS\$NtUninstallKB2115168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2121546)-->"C:\WINDOWS\$NtUninstallKB2121546$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2160329)-->"C:\WINDOWS\$NtUninstallKB2160329$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2229593)-->"C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2259922)-->"C:\WINDOWS\$NtUninstallKB2259922$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2279986)-->"C:\WINDOWS\$NtUninstallKB2279986$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2286198)-->"C:\WINDOWS\$NtUninstallKB2286198$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2296011)-->"C:\WINDOWS\$NtUninstallKB2296011$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2296199)-->"C:\WINDOWS\$NtUninstallKB2296199$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2347290)-->"C:\WINDOWS\$NtUninstallKB2347290$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2360937)-->"C:\WINDOWS\$NtUninstallKB2360937$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2387149)-->"C:\WINDOWS\$NtUninstallKB2387149$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2419632)-->"C:\WINDOWS\$NtUninstallKB2419632$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2423089)-->"C:\WINDOWS\$NtUninstallKB2423089$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2436673)-->"C:\WINDOWS\$NtUninstallKB2436673$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2440591)-->"C:\WINDOWS\$NtUninstallKB2440591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2443105)-->"C:\WINDOWS\$NtUninstallKB2443105$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979687)-->"C:\WINDOWS\$NtUninstallKB979687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980436)-->"C:\WINDOWS\$NtUninstallKB980436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981322)-->"C:\WINDOWS\$NtUninstallKB981322$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981349)-->"C:\WINDOWS\$NtUninstallKB981349$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981852)-->"C:\WINDOWS\$NtUninstallKB981852$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981957)-->"C:\WINDOWS\$NtUninstallKB981957$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981997)-->"C:\WINDOWS\$NtUninstallKB981997$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982132)-->"C:\WINDOWS\$NtUninstallKB982132$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982214)-->"C:\WINDOWS\$NtUninstallKB982214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982665)-->"C:\WINDOWS\$NtUninstallKB982665$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982802)-->"C:\WINDOWS\$NtUninstallKB982802$\spuninst\spuninst.exe"
Smart Installer-->C:\Program Files\EarthLink\Smart Installer\UnSMI.exe
Sonic Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.exe" -l0x9 -removeonly
Spyware Doctor 6.0-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
Universal Document Converter (Demo)-->"C:\Program Files\Universal Document Converter\unins000.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 7 (KB976749)-->"C:\WINDOWS\ie7updates\KB976749-IE7\spuninst\spuninst.exe"
Update for Windows Internet Explorer 7 (KB980182)-->"C:\WINDOWS\ie7updates\KB980182-IE7\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB2447568)-->"C:\WINDOWS\ie8updates\KB2447568-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB2141007)-->"C:\WINDOWS\$NtUninstallKB2141007$\spuninst\spuninst.exe"
Update for Windows XP (KB2345886)-->"C:\WINDOWS\$NtUninstallKB2345886$\spuninst\spuninst.exe"
Update for Windows XP (KB2467659)-->"C:\WINDOWS\$NtUninstallKB2467659$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Visual C++ 8.0 ATL (x86) WinSXS MSM-->MsiExec.exe /I{97F81AF1-0E47-DC99-FF1F-C8B3B9A1E18E}
Visual C++ 8.0 CRT (x86) WinSXS MSM-->MsiExec.exe /I{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}
WinAVI Video Converter-->"C:\Program Files\WinAVI Video Converter\unins000.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows PowerShell(TM) 1.0-->"C:\WINDOWS\$NtUninstallKB926139-v2$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======Security center information======

AV: Spyware Doctor with AntiVirus (disabled)
AV: avast! Antivirus
AV: Microsoft Security Essentials

======System event log======

Computer Name: RAAV
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 40053
Source Name: W32Time
Time Written: 20101230214630.000000-300
Event Type: warning
User:

Computer Name: RAAV
Event Code: 7000
Message: The GoToMyPC service failed to start due to the following error:
The system cannot find the path specified.


Record Number: 40019
Source Name: Service Control Manager
Time Written: 20101230080722.000000-300
Event Type: error
User:

Computer Name: RAAV
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 40013
Source Name: W32Time
Time Written: 20101229214030.000000-300
Event Type: warning
User:

Computer Name: RAAV
Event Code: 7000
Message: The GoToMyPC service failed to start due to the following error:
The system cannot find the path specified.


Record Number: 39983
Source Name: Service Control Manager
Time Written: 20101229080125.000000-300
Event Type: error
User:

Computer Name: RAAV
Event Code: 8
Message: Printer EPSON Stylus Photo RX600 was purged.

Record Number: 39976
Source Name: Print
Time Written: 20101228125328.000000-300
Event Type: warning
User: RAAV\Owner

=====Application event log=====

Computer Name: RAAV
Event Code: 1517
Message: Windows saved user RAAV\Owner registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 9467
Source Name: Userenv
Time Written: 20100610215512.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: RAAV
Event Code: 2002
Message: The MOF file created for the Outlook service could not be loaded. The
error code returned by the MOF Compiler is contained in the Record Data.
Before the performance counters of this service can be collected by WMI
the MOF file will need to be loaded manually. Contact the vendor of this
service for additional information.

Record Number: 9465
Source Name: LoadPerf
Time Written: 20100610091513.000000-240
Event Type: warning
User:

Computer Name: RAAV
Event Code: 32068
Message:
Record Number: 9458
Source Name: Microsoft Fax
Time Written: 20100610085021.000000-240
Event Type: warning
User:

Computer Name: RAAV
Event Code: 32026
Message:
Record Number: 9457
Source Name: Microsoft Fax
Time Written: 20100610085021.000000-240
Event Type: warning
User:

Computer Name: RAAV
Event Code: 2570
Message: Adobe Active File Monitor Service has Started.

Record Number: 9451
Source Name: Adobe Active File Monitor
Time Written: 20100610085009.000000-240
Event Type:
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\;C:\WINDOWS\system32\WindowsPowerShell\v1.0
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0304
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.PSC1
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"asl.log"=Destination=file

-----------------EOF-----------------
raecampus
Active Member
 
Posts: 9
Joined: January 18th, 2011, 12:05 pm

Re: flyingincognito.com browser..I'm an idot

Unread postby Bob4 » January 19th, 2011, 7:09 pm

I need you to run the TDSSKiller - Rootkit Removal Tool program I asked.
User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida

Re: The Report TDSSKILLER

Unread postby raecampus » January 19th, 2011, 8:46 pm

Here you go, thanks

2011/01/19 19:44:24.0703 TDSS rootkit removing tool 2.4.14.0 Jan 18 2011 09:33:51
2011/01/19 19:44:24.0703 ================================================================================
2011/01/19 19:44:24.0703 SystemInfo:
2011/01/19 19:44:24.0703
2011/01/19 19:44:24.0703 OS Version: 5.1.2600 ServicePack: 3.0
2011/01/19 19:44:24.0703 Product type: Workstation
2011/01/19 19:44:24.0703 ComputerName: RAAV
2011/01/19 19:44:24.0703 UserName: Owner
2011/01/19 19:44:24.0703 Windows directory: C:\WINDOWS
2011/01/19 19:44:24.0703 System windows directory: C:\WINDOWS
2011/01/19 19:44:24.0703 Processor architecture: Intel x86
2011/01/19 19:44:24.0703 Number of processors: 2
2011/01/19 19:44:24.0703 Page size: 0x1000
2011/01/19 19:44:24.0703 Boot type: Normal boot
2011/01/19 19:44:24.0703 ================================================================================
2011/01/19 19:44:25.0015 Initialize success
2011/01/19 19:44:27.0468 ================================================================================
2011/01/19 19:44:27.0468 Scan started
2011/01/19 19:44:27.0468 Mode: Manual;
2011/01/19 19:44:27.0468 ================================================================================
2011/01/19 19:44:28.0171 Aavmker4 (8d488938e2f7048906f1fbd3af394887) C:\WINDOWS\system32\drivers\Aavmker4.sys
2011/01/19 19:44:28.0250 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/01/19 19:44:28.0296 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/01/19 19:44:28.0343 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/01/19 19:44:28.0375 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/01/19 19:44:28.0515 AnyDVD (40c279a23bd43553bfba6e88a9b38ae2) C:\WINDOWS\system32\Drivers\AnyDVD.sys
2011/01/19 19:44:28.0640 aswFsBlk (a0d86b8ac93ef95620420c7a24ac5344) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011/01/19 19:44:28.0671 aswMon2 (7d880c76a285a41284d862e2d798ec0d) C:\WINDOWS\system32\drivers\aswMon2.sys
2011/01/19 19:44:28.0703 aswRdr (69823954bbd461a73d69774928c9737e) C:\WINDOWS\system32\drivers\aswRdr.sys
2011/01/19 19:44:28.0734 aswSP (7ecc2776638b04553f9a85bd684c3abf) C:\WINDOWS\system32\drivers\aswSP.sys
2011/01/19 19:44:28.0796 aswTdi (095ed820a926aa8189180b305e1bcfc9) C:\WINDOWS\system32\drivers\aswTdi.sys
2011/01/19 19:44:28.0812 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/01/19 19:44:28.0843 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/01/19 19:44:28.0890 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/01/19 19:44:28.0921 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/01/19 19:44:28.0968 bcm4sbxp (e727776a56a51b7e6b7c87c02ea8b405) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
2011/01/19 19:44:29.0000 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/01/19 19:44:29.0062 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/01/19 19:44:29.0109 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/01/19 19:44:29.0156 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/01/19 19:44:29.0171 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/01/19 19:44:29.0203 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/01/19 19:44:29.0234 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
2011/01/19 19:44:29.0437 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/01/19 19:44:29.0453 DLABMFSM (a53723176d0002feb486eff8e17812f2) C:\WINDOWS\system32\DLA\DLABMFSM.SYS
2011/01/19 19:44:29.0484 DLABOIOM (d4587063acea776699251e177d719586) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
2011/01/19 19:44:29.0500 DLACDBHM (5230cdb7e715f3a3b4a882e254cdd35d) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
2011/01/19 19:44:29.0531 DLADResM (c950c2e7b9ed1a4fc4a2ac7ec044f1d6) C:\WINDOWS\system32\DLA\DLADResM.SYS
2011/01/19 19:44:29.0562 DLAIFS_M (24400137e387a24410c52a591f3cfb4d) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
2011/01/19 19:44:29.0578 DLAOPIOM (29a303feceb28641ecebdae89eb71c63) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
2011/01/19 19:44:29.0593 DLAPoolM (c93e33a22a1ae0c5508f3fb1f6d0a50c) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
2011/01/19 19:44:29.0625 DLARTL_M (77fe51f0f8d86804cb81f6ef6bfb86dd) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
2011/01/19 19:44:29.0640 DLAUDFAM (b953498c35a31e5ac98f49adbcf3e627) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
2011/01/19 19:44:29.0671 DLAUDF_M (4897704c093c1f59ce58fc65e1e1ef1e) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
2011/01/19 19:44:29.0718 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/01/19 19:44:29.0765 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/01/19 19:44:29.0781 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/01/19 19:44:29.0812 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/01/19 19:44:29.0859 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/01/19 19:44:29.0890 DRVMCDB (c00440385cf9f3d142917c63f989e244) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
2011/01/19 19:44:29.0968 DRVNDDM (ffc371525aa55d1bae18715ebcb8797c) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
2011/01/19 19:44:30.0046 ElbyCDIO (d71233d7ccc2e64f8715a20428d5a33b) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
2011/01/19 19:44:30.0109 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/01/19 19:44:30.0156 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/01/19 19:44:30.0187 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/01/19 19:44:30.0203 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/01/19 19:44:30.0250 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/01/19 19:44:30.0281 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/01/19 19:44:30.0312 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/01/19 19:44:30.0343 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/01/19 19:44:30.0375 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/01/19 19:44:30.0421 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/01/19 19:44:30.0515 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/01/19 19:44:30.0578 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/01/19 19:44:30.0625 ialm (1432958dc80b7bbacf07377763d70e91) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/01/19 19:44:30.0687 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/01/19 19:44:30.0734 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/01/19 19:44:30.0765 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/01/19 19:44:30.0796 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/01/19 19:44:30.0828 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/01/19 19:44:30.0843 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/01/19 19:44:30.0875 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/01/19 19:44:30.0906 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/01/19 19:44:30.0937 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/01/19 19:44:30.0953 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/01/19 19:44:30.0984 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/01/19 19:44:31.0015 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/01/19 19:44:31.0046 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/01/19 19:44:31.0140 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/01/19 19:44:31.0171 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/01/19 19:44:31.0187 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/01/19 19:44:31.0234 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/01/19 19:44:31.0250 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/01/19 19:44:31.0296 MpFilter (c98301ad8173a2235a9ab828955c32bb) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
2011/01/19 19:44:31.0359 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/01/19 19:44:31.0421 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/01/19 19:44:31.0468 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/01/19 19:44:31.0500 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/01/19 19:44:31.0531 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/01/19 19:44:31.0546 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/01/19 19:44:31.0578 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/01/19 19:44:31.0609 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/01/19 19:44:31.0640 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/01/19 19:44:31.0671 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/01/19 19:44:31.0703 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/01/19 19:44:31.0718 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/01/19 19:44:31.0750 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/01/19 19:44:31.0765 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/01/19 19:44:31.0796 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/01/19 19:44:31.0843 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/01/19 19:44:31.0859 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/01/19 19:44:31.0890 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/01/19 19:44:31.0953 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/01/19 19:44:31.0984 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/01/19 19:44:32.0031 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/01/19 19:44:32.0062 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/01/19 19:44:32.0078 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/01/19 19:44:32.0109 OMCI (cec7e2c6c1fa00c7ab2f5434f848ae51) C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
2011/01/19 19:44:32.0156 PAC7302 (aff9a1986555e4592de8092f9a5fa2d2) C:\WINDOWS\system32\DRIVERS\PAC7302.SYS
2011/01/19 19:44:32.0203 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/01/19 19:44:32.0234 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/01/19 19:44:32.0250 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/01/19 19:44:32.0281 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/01/19 19:44:32.0312 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/01/19 19:44:32.0359 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/01/19 19:44:32.0406 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
2011/01/19 19:44:32.0437 PCTCore (d302a59e6d1842a201930928a5bad68b) C:\WINDOWS\system32\drivers\PCTCore.sys
2011/01/19 19:44:32.0484 pctgntdi (bf770a5817fa8fba1402b2286a7f394c) C:\WINDOWS\system32\drivers\pctgntdi.sys
2011/01/19 19:44:32.0531 pctplsg (5aa75b88e57aedf7fdb1f6b5196ad8a6) C:\WINDOWS\system32\drivers\pctplsg.sys
2011/01/19 19:44:32.0703 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/01/19 19:44:32.0750 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/01/19 19:44:32.0781 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/01/19 19:44:32.0812 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/01/19 19:44:32.0953 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/01/19 19:44:32.0984 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/01/19 19:44:33.0015 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/01/19 19:44:33.0031 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/01/19 19:44:33.0078 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/01/19 19:44:33.0109 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/01/19 19:44:33.0156 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/01/19 19:44:33.0203 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/01/19 19:44:33.0281 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/01/19 19:44:33.0359 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
2011/01/19 19:44:33.0406 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2011/01/19 19:44:33.0453 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/01/19 19:44:33.0546 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/01/19 19:44:33.0625 smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys
2011/01/19 19:44:33.0687 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/01/19 19:44:33.0734 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/01/19 19:44:33.0781 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/01/19 19:44:33.0828 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/01/19 19:44:33.0875 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/01/19 19:44:33.0906 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/01/19 19:44:34.0046 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/01/19 19:44:34.0109 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/01/19 19:44:34.0125 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/01/19 19:44:34.0156 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/01/19 19:44:34.0187 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/01/19 19:44:34.0218 TfFsMon (52d1882d3e90718483a1321ca5ce1aea) C:\WINDOWS\system32\drivers\TfFsMon.sys
2011/01/19 19:44:34.0265 TfNetMon (8eb02d60909345ee4f2be78a11364bcf) C:\WINDOWS\system32\drivers\TfNetMon.sys
2011/01/19 19:44:34.0281 TfSysMon (24ea02fd9663ccef16c114211cd9d5f4) C:\WINDOWS\system32\drivers\TfSysMon.sys
2011/01/19 19:44:34.0359 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/01/19 19:44:34.0453 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/01/19 19:44:34.0531 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/01/19 19:44:34.0562 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/01/19 19:44:34.0609 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/01/19 19:44:34.0625 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/01/19 19:44:34.0671 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/01/19 19:44:34.0718 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/01/19 19:44:34.0734 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/01/19 19:44:34.0781 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/01/19 19:44:34.0796 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/01/19 19:44:34.0843 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/01/19 19:44:34.0906 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/01/19 19:44:34.0937 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys
2011/01/19 19:44:35.0000 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/01/19 19:44:35.0078 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/01/19 19:44:35.0125 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/01/19 19:44:35.0171 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/01/19 19:44:35.0203 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/01/19 19:44:35.0390 ================================================================================
2011/01/19 19:44:35.0390 Scan finished
2011/01/19 19:44:35.0390 ================================================================================
raecampus
Active Member
 
Posts: 9
Joined: January 18th, 2011, 12:05 pm

Re: flyingincognito.com browser..I'm an idot

Unread postby Bob4 » January 19th, 2011, 9:14 pm

______________________________
HiJackThis
Run hijackthis
(Windows 7 or Vista users please right click and choose "run as administrator.)
and choose scan only and place a check by the following lines if present.
Close all other windows and browsers except HJT before clicking on Fix Checked

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll

Close that.



________________________________________
I see you have installed Malwarebytes
Open Malwarebytes >>click on the LOG tab
Open and copy the first report you had done.
It will be in a dated values such as:
mbam-log-2009-01-02 (21-39-41).txt
I want the oldest log. That will be the earliest dated.

Please post the contents of that log.


____________________________________
Describe your problem for me.
Are you being redirected or getting Pop-ups?
If I knew it might give me a cluse what to look for.





_________________________
In your next reply I would like to see:
  • A new HJT log
  • The report from Malwarebytes
  • Describe your problem for me.
User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida

Re: Hijack Log, Malwarebytes log, problem

Unread postby raecampus » January 19th, 2011, 9:45 pm

Here is hijack log, I checked the two as requested and fixed, no longer here

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:36:14 PM, on 1/19/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\easy gadget\easy gadget.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\AstSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by MSN & Bing
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX600] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2M1.EXE /P24 "EPSON Stylus Photo RX600" /O6 "USB001" /M "Stylus Photo RX600"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: easy gadget.lnk = C:\Program Files\easy gadget\easy gadget.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9602116875
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AST Service (astcc) - Advanced Software Technologies - C:\WINDOWS\system32\AstSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\615\g2aservice.exe
O23 - Service: GoToMyPC - Unknown owner - C:\Program Files\Citrix\GoToMyPC\g2svc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10619 bytes




Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5541

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/17/2011 1:42:10 PM
mbam-log-2011-01-17 (13-42-10).txt

Scan type: Quick scan
Objects scanned: 162980
Time elapsed: 16 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 90
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 6
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1093995A-BA37-41D2-836E-091067C4AD17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.IECookiesManager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.IECookiesManager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.DataControl.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.DataControl (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3E720451-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterSettingsControl.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterSettingsControl (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{7473D290-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473D294-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterBarButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterBarButton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ScreenSaverControl.ScreenSaverInstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ScreenSaverControl.ScreenSaverInstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{A9571378-68A1-443d-B082-284F960C6D17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.OutlookAddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{B813095C-81C0-4E40-AA14-67520372B987} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.KillerObjManager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.KillerObjManager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HistoryKillerScheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HistoryKillerScheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HistorySwatterControlBar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HistorySwatterControlBar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{E79DFBC0-5697-4fbd-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.ChatSessionPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.ChatSessionPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MyWebSearch Plugin (Adware.MyWebSearch) -> Value: MyWebSearch Plugin -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{7426B22D-BF5B-C634-E4EE-6F975FE422A7} (Trojan.ZbotR.Gen) -> Value: {7426B22D-BF5B-C634-E4EE-6F975FE422A7} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{B1E15306-C315-B391-E7A5-5CA8E820D814} (Trojan.ZbotR.Gen) -> Value: {B1E15306-C315-B391-E7A5-5CA8E820D814} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Value: FunWebProducts -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\program files\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\screensaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\screensaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
c:\program files\mywebsearch\bar\1.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\tmp22e7eb9a\header.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\tmpb28fddfa\selectandthe.exe (Trojan.Clicker) -> Quarantined and deleted successfully.

The problem when I open browser (google home) I get the flyingincognitosleep.com in the address bar it would hang until I typed www.google.com in to get a browser.
t first I thought this was part of Google Chrome Bar, which I don't have.

I have noticed later today since I have been doing these fixes that flyingincognitosleep.com comes up breifly then goes to google, an improvement.

The problem is hard to say as I don't know what is flyingincognitosleep is doing that I am unaware of. From what I have read it can use my machine as zombie, steal sensitive info?

I installed Malware bytes a few days ago when I panicked. It picked up a few malware programs as you can see from log. I fixed or removed.

Thanks

Randy in Orlando

The malware bytes I downloaded and installed when I realized it was an issue.
raecampus
Active Member
 
Posts: 9
Joined: January 18th, 2011, 12:05 pm

Re: flyingincognito.com browser..I'm an idot

Unread postby Bob4 » January 20th, 2011, 9:02 am

OK that desription you've given me gives me a direction to head in.

___________________________________________
Reset your browsers home page
  • Open Firefox.
  • Click on "Tools" in the top menu list.
  • Select "Options" from the drop-down menu.
  • Choose the "General" tab from the top of the box that appears. it should say, "Home Page."
  • Enter the URL of the homepage of your choice http://www.google.com) into the box to the right of that field.
  • Click the "OK" button, located in the bottom right-hand side of the box.
    Close and reopen firefox.


_________________________________
Replace your host file
What this does... A host file is a list of known bad sites.
When you click or type in a link the host file is checked first.
If that link you typed or clicked is in the host file your browser will redirect you to http://127.0.0.1 .
A page on your computer. Go ahead and click that. Then use the back button to come back.

Download HostsXpert v4.1 and unzip it to your desktop.
  • Double click on HostsXpert.exe
  • Click on Make writeable.
  • Then click on Download<< MVPs Hosts << Replace. If your firewall asks allow it.
    Once it's done.
  • Click on Make Hosts Read Only to secure it against further infection.


________________________________________
Run OTL
Please download OTL© by OldTimer and save it to your desktop. Click here.
  • Double click on OTL.exe to run it.
  • Make sure all the Use SafeList options are checked (ticked). There are five of them.
  • Check Scan All Users.
  • At the lower right corner, check LOP Check and Purity Check.
  • Click on Run Scan at the top left hand corner. This might take a while.
  • When done, two Notepad files will open. Please post the contents of these 2 Notepad files in your next reply.
    Note: These files are saved as OTL.txt and Extras.txt on the desktop.


_________________________
In your next reply I would like to see:

  • The report from OTL
  • Is your browser now opening to goolge.com ( or what ever homepage you selected)?
User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida

Re: Host file hangup

Unread postby raecampus » January 20th, 2011, 11:04 am

Having issue with Hostsxpert.

By default or attribute setting the button is Make Readable. when I toggle to make writable the <<download>> << replace>> is non functional.

I was never prompted to confirm remove any attriubtes.

In help, notes:

Starting HostsXpert©:
HostsXpert will check if the "System attribute" has been set on the Hosts file (making it un-writable). HostsXpert will remove the attribute with your confirmation. However, HostsXpert cannot later turn on the system attribute.
(The Hosts file is an operating system file - it will not set the system attribute.) If your Hosts file is set to read-only, toggle the attribute off before performing work on your hosts file. The file attributes are really only very rudimentary protection for your hosts file and no protection whatsoever against Malware.

I didn't want this to be difficult to resolve, much thanks!

Randy in Orlando


T
raecampus
Active Member
 
Posts: 9
Joined: January 18th, 2011, 12:05 pm

Re: flyingincognito.com browser..I'm an idot

Unread postby Bob4 » January 20th, 2011, 10:35 pm

I can see where my instructions weren't very clear. When you open Hosts expert you should see "Make readable". When you can see that the file can be written to. You should be able to work it from there. If not let me know.
User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida

Re: Report from Extras.txt and OTL.txt

Unread postby raecampus » January 20th, 2011, 11:46 pm

I didnd't see incognitosleep.com just now when opening browser. Will check on reboot.





OTL Extras logfile created on: 1/20/2011 10:24:35 PM - Run 1
OTL by OldTimer - Version 3.2.20.3 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 270.00 Mb Available Physical Memory | 26.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 122.72 Gb Free Space | 52.70% Space Free | Partition Type: NTFS
Drive F: | 15.59 Mb Total Space | 9.25 Mb Free Space | 59.32% Space Free | Partition Type: FAT

Computer Name: RAAV | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-484763869-1500820517-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
jsfile [edit] -- "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"8097:TCP" = 8097:TCP:*:Enabled:EarthLink UHP Modem Support
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:EarthLink TotalAccess
"C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE" = C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE:*:Enabled:SAgent4 -- (SEIKO EPSON CORPORATION)
"C:\Documents and Settings\Owner\Desktop\WinSCP\WinSCP.exe" = C:\Documents and Settings\Owner\Desktop\WinSCP\WinSCP.exe:*:Enabled:Windows SFTP, FTP and SCP client
"C:\Documents and Settings\Owner\Desktop\WinSCP.exe" = C:\Documents and Settings\Owner\Desktop\WinSCP.exe:*:Enabled:Windows SFTP, FTP and SCP client
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM
"C:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe" = C:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe:*:Enabled:Dreamweaver 8 -- (Macromedia, Inc.)
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Documents and Settings\Owner\My Documents\Downloads\utorrent.exe" = C:\Documents and Settings\Owner\My Documents\Downloads\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{0B53B71D-9E2F-42B8-9123-96354872D166}" = EPSON Photo Print
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0E0131B2-CF18-40D9-A331-60A3746C1204}" = EPSON Scan
"{109D28C7-FB38-483A-9C91-001CB59E2699}" = EPSON CardMonitor
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{66C8BE35-8BBB-472B-96C7-C7C9A499F988}" = ArcSoft Software Suite
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{698AC01B-DF0C-4BCE-940C-EB29AD23A560}" = Stamps.com
"{6C11D561-620B-47DA-A693-4C597F3CDF40}" = EPSON Smart Panel
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.3.2.100
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7814358B-1284-4305-AE5A-6667DBDF4771}" = ArcSoft WebCam Companion 2
"{812FF41B-6870-2964-2572-379477CEDA97}" = easy gadget
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{851C67EF-068A-4060-9EF5-2E3DDCD68382}" = Adobe Photoshop Elements 3.0
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A5F34E2-37CF-4AD4-808C-2D413786E31A}" = Microsoft Visual C Runtime
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
"{8D7574B1-49D7-41E6-9C2E-6B49A8619E64}" = BCL easyPDF Printer Driver 5.1
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97F81AF1-0E47-DC99-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 ATL (x86) WinSXS MSM
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AE704636-ECD0-426C-952E-05B8DABD1949}" = EPSON PhotoStarter3.2
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B69CC1A5-0404-11D6-ABCB-005004C21D30}" = EPSON Copy Utility
"{BFF829B6-B433-42CE-9A19-E459D3E4E483}" = My.Freeze.com NetAssistant
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CAFE753E-426C-41C9-826B-5396CC377FFC}" = BCL easyConverter Desktop 1.0
"{CD1CD48D-7B18-4254-B43D-AEAB704AB063}" = EarthLink MailBox
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint Plus
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.9.347
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{FAE36873-1941-4076-A9A5-48812B5EA0B7}" = iTunes
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AIM Toolbar" = HoldAIM Toolbar
"AnyDVD" = AnyDVD
"avast5" = avast! Free Antivirus
"AviSynth" = AviSynth 2.5
"CCleaner" = CCleaner (remove only)
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = HoldAcrobat.com
"com.brighthouse.air.gadget.D76A18CCA16817C56F836CA64BA57EFAC2361D0A.1" = easy gadget
"Dell_HostCD" = Dell Printer Software Uninstall
"EarthLinkMailClient" = EarthLink MailBox
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"ffdshow_is1" = ffdshow
"FileZilla Client" = FileZilla Client 3.2.4.1
"GoldWave v5.55" = GoldWave v5.55
"GoToAssist" = GoToAssist Corporate
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"Microsoft.Net.Client.3.5" = Microsoft .NET Framework Client Profile - PREVIEW
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PHP Generator for MySQL_is1" = PHP Generator for MySQL 7.10
"SmartInstaller" = Smart Installer
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Spyware Doctor" = Spyware Doctor 6.0
"Universal Document Converter_is1" = Universal Document Converter (Demo)
"ViewpointMediaPlayer" = Viewpoint Media Player
"WinAVI Video Converter_is1" = WinAVI Video Converter
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-484763869-1500820517-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager
"My.Freeze.com NetAssistant" = My.Freeze.com NetAssistant for Firefox
"Stamps.com" = Stamps.com

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/25/2010 6:53:38 PM | Computer Name = RAAV | Source = Ci | ID = 4126
Description = Cleaning up corrupt content index metadata on c:\system volume information\catalog.wci.
Index will be automatically restored by refiltering all documents.

Error - 12/25/2010 7:08:44 PM | Computer Name = RAAV | Source = Ci | ID = 4126
Description = Cleaning up corrupt content index metadata on c:\system volume information\catalog.wci.
Index will be automatically restored by refiltering all documents.

Error - 12/25/2010 7:36:14 PM | Computer Name = RAAV | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 2152759308, P2 unspecified, P3 scanfile,
P4 2.1.6805.0, P5 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

Error - 12/25/2010 8:30:50 PM | Computer Name = RAAV | Source = Ci | ID = 4126
Description = Cleaning up corrupt content index metadata on c:\system volume information\catalog.wci.
Index will be automatically restored by refiltering all documents.

Error - 12/26/2010 10:40:25 AM | Computer Name = RAAV | Source = Ci | ID = 4124
Description = Content index on c:\system volume information\catalog.wci is corrupt.
Please shutdown and restart the Indexing Service (cisvc).

Error - 12/26/2010 10:40:25 AM | Computer Name = RAAV | Source = Ci | ID = 4126
Description = Cleaning up corrupt content index metadata on c:\system volume information\catalog.wci.
Index will be automatically restored by refiltering all documents.

Error - 12/26/2010 11:37:51 AM | Computer Name = RAAV | Source = Ci | ID = 4126
Description = Cleaning up corrupt content index metadata on c:\system volume information\catalog.wci.
Index will be automatically restored by refiltering all documents.

Error - 1/2/2011 9:19:01 PM | Computer Name = RAAV | Source = Application Error | ID = 1000
Description = Faulting application convertxtodvd.exe, version 3.3.2.100, faulting
module convertxtodvd.exe, version 3.3.2.100, fault address 0x0042c71d.

Error - 1/2/2011 9:29:23 PM | Computer Name = RAAV | Source = Application Error | ID = 1000
Description = Faulting application convertxtodvd.exe, version 3.3.2.100, faulting
module convertxtodvd.exe, version 3.3.2.100, fault address 0x0042c71d.

Error - 1/13/2011 3:33:07 PM | Computer Name = RAAV | Source = Application Error | ID = 1000
Description = Faulting application handysnap.exe, version 0.5.0.3, faulting module
handysnap.exe, version 0.5.0.3, fault address 0x00012170.

[ System Events ]
Error - 1/19/2011 10:46:56 AM | Computer Name = RAAV | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 1/19/2011 10:46:56 AM | Computer Name = RAAV | Source = Service Control Manager | ID = 7034
Description = The Adobe Active File Monitor service terminated unexpectedly. It
has done this 1 time(s).

Error - 1/19/2011 10:46:56 AM | Computer Name = RAAV | Source = Service Control Manager | ID = 7034
Description = The AST Service service terminated unexpectedly. It has done this
1 time(s).

Error - 1/19/2011 10:46:56 AM | Computer Name = RAAV | Source = Service Control Manager | ID = 7034
Description = The Bonjour Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 1/19/2011 10:46:56 AM | Computer Name = RAAV | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 1/19/2011 10:46:57 AM | Computer Name = RAAV | Source = Service Control Manager | ID = 7034
Description = The Photoshop Elements Device Connect service terminated unexpectedly.
It has done this 1 time(s).

Error - 1/19/2011 10:46:57 AM | Computer Name = RAAV | Source = Service Control Manager | ID = 7034
Description = The Viewpoint Manager Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 1/19/2011 10:46:57 AM | Computer Name = RAAV | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).

Error - 1/19/2011 10:56:18 AM | Computer Name = RAAV | Source = Service Control Manager | ID = 7000
Description = The GoToMyPC service failed to start due to the following error: %%3

Error - 1/20/2011 10:02:20 AM | Computer Name = RAAV | Source = Service Control Manager | ID = 7000
Description = The GoToMyPC service failed to start due to the following error: %%3





< End of report >






OTL logfile created on: 1/20/2011 10:24:35 PM - Run 1
OTL by OldTimer - Version 3.2.20.3 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 270.00 Mb Available Physical Memory | 26.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 122.72 Gb Free Space | 52.70% Space Free | Partition Type: NTFS
Drive F: | 15.59 Mb Total Space | 9.25 Mb Free Space | 59.32% Space Free | Partition Type: FAT

Computer Name: RAAV | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/20 22:21:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2010/12/17 12:38:43 | 004,763,256 | ---- | M] (SlySoft, Inc.) -- C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/09/15 03:34:02 | 001,094,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010/09/07 11:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/07/09 14:53:39 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/07/09 14:53:36 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/06/24 14:08:03 | 000,142,336 | ---- | M] () -- C:\Program Files\easy gadget\easy gadget.exe
PRC - [2010/03/25 20:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2008/06/11 09:28:14 | 000,053,248 | ---- | M] ( Advanced Software Technologies) -- C:\WINDOWS\system32\AstSrv.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/03 16:48:02 | 000,064,000 | ---- | M] (ArcSoft) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/11/05 10:22:16 | 000,221,184 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
PRC - [2006/11/05 09:55:48 | 000,010,752 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
PRC - [2006/11/03 11:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\WINDOWS\PixArt\Pac7302\Monitor.exe
PRC - [2006/09/11 03:40:34 | 000,086,960 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2004/10/14 13:42:54 | 001,404,928 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2004/10/04 03:47:04 | 000,098,304 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
PRC - [2004/10/04 02:40:50 | 000,118,784 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe


========== Modules (SafeList) ==========

MOD - [2011/01/20 22:21:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/02/04 13:17:27 | 000,129,984 | ---- | M] (SlySoft, Inc.) -- C:\Program Files\SlySoft\AnyDVD\ADvdDiscHlp.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Auto | Stopped] -- -- (GoToMyPC)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/04/20 10:47:47 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\615\g2aservice.exe -- (GoToAssist)
SRV - [2010/03/25 20:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/08/24 01:48:09 | 001,097,096 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/04/19 21:24:49 | 000,070,944 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2009/01/07 12:40:56 | 000,348,752 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2008/06/11 09:28:14 | 000,053,248 | ---- | M] ( Advanced Software Technologies) [Auto | Running] -- C:\WINDOWS\system32\AstSrv.exe -- (astcc)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2004/10/22 02:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/10/04 03:47:04 | 000,098,304 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor)
SRV - [2004/10/04 02:40:50 | 000,118,784 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe -- (PhotoshopElementsDeviceConnect)


========== Driver Services (SafeList) ==========

DRV - [2010/12/16 17:57:57 | 000,031,088 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2010/12/01 14:06:29 | 000,108,104 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2010/09/07 10:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 10:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 10:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 10:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 10:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 10:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/09/01 01:07:38 | 000,206,256 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/04/19 21:24:49 | 000,039,200 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2009/04/19 21:24:48 | 000,033,056 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2009/04/19 21:24:47 | 000,051,488 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2008/12/11 07:38:22 | 000,159,600 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2008/12/10 11:36:04 | 000,064,392 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pctplsg.sys -- (pctplsg)
DRV - [2008/05/06 15:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007/06/14 15:29:08 | 000,457,856 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PAC7302.SYS -- (PAC7302)
DRV - [2007/02/09 11:34:16 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2007/02/08 19:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/08 19:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/10/26 15:22:02 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/10/26 15:21:34 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/10/26 15:21:34 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/10/26 15:21:32 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/10/26 15:21:30 | 000,026,296 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/10/26 15:21:28 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/10/26 15:21:26 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/10/26 15:21:24 | 000,104,536 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/07/21 10:21:26 | 000,099,176 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2004/09/17 08:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2003/09/26 09:41:12 | 000,044,032 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2001/08/22 07:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-484763869-1500820517-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-484763869-1500820517-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-484763869-1500820517-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-484763869-1500820517-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D4 ED 1D 2F 17 B7 CB 01 [binary data]
IE - HKU\S-1-5-21-484763869-1500820517-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch"
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.order.2: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {9c51bd27-6ed8-4000-a2bf-36cb95c0c947}:10.1.0
FF - prefs.js..extensions.enabledItems: {D5493C6A-FD62-4255-AA85-AB7E7D0F0001}:1.0
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.netassistant.keyword.url: "http://click.w3i.com/?Programid=132&Elementname=Keyword&Applicationid=#netassistant_id#&Version=#netassistant_version#&Vintage=20100519&Defaultbrowserid=15&Productid=1704&Vendorid=3852&Offerid=6680&searchterm="

FF - user.js..browser.startup.homepage: "http://flyingincognitosleep.com/cgi-bin/h.pl"

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/11 11:42:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/18 18:27:39 | 000,000,000 | ---D | M]

[2009/04/27 17:25:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2011/01/19 10:04:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mw5qncih.default\extensions
[2009/09/03 13:57:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mw5qncih.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/06/22 15:13:35 | 000,000,000 | ---D | M] (Tamper Data) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mw5qncih.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}
[2010/04/22 09:51:16 | 000,000,000 | ---D | M] (myBabylon English Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mw5qncih.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}
[2010/12/19 09:26:47 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mw5qncih.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2009/09/26 15:34:07 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mw5qncih.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/12/19 09:26:49 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mw5qncih.default\extensions\engine@conduit.com
[2009/08/28 09:44:40 | 000,000,000 | ---D | M] (Firebug) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mw5qncih.default\extensions\firebug@software.joehewitt.com
[2011/01/19 10:04:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/18 18:27:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/06/02 07:13:11 | 000,000,000 | ---D | M] (BarQuery) -- C:\Program Files\Mozilla Firefox\extensions\{D5493C6A-FD62-4255-AA85-AB7E7D0F0001}
[2011/01/18 18:27:21 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/01/18 18:27:18 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/01/20 22:19:43 | 000,623,385 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 fr.a2dfp.net
O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 abcstats.com
O1 - Hosts: 127.0.0.1 a.abv.bg
O1 - Hosts: 127.0.0.1 adserver.abv.bg
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 ca.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 http://www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 achmedia.com
O1 - Hosts: 127.0.0.1 aconti.net
O1 - Hosts: 127.0.0.1 secure.aconti.net
O1 - Hosts: 127.0.0.1 http://www.aconti.net #[Dialer.Aconti]
O1 - Hosts: 127.0.0.1 ads.active.com
O1 - Hosts: 127.0.0.1 am1.activemeter.com
O1 - Hosts: 127.0.0.1 http://www.activemeter.com #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ads.activepower.net
O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ad2games.com
O1 - Hosts: 16473 more lines...
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKU\S-1-5-21-484763869-1500820517-725345543-1003\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EPSON Stylus Photo RX600] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2M1.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\Pac7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKU\S-1-5-21-484763869-1500820517-725345543-1003..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKU\S-1-5-21-484763869-1500820517-725345543-1003..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKU\S-1-5-21-484763869-1500820517-725345543-1003..\Run: [msnmsgr] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\easy gadget.lnk = C:\Program Files\easy gadget\easy gadget.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-484763869-1500820517-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-484763869-1500820517-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/200 ... oader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 9602116875 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\615\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\GoToMyPC: DllName - C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/17 15:47:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{98e05ef0-8504-11dd-b1e4-000f1fe1fe60}\Shell\AutoRun\command - "" = G:\setupSNK.exe
O33 - MountPoints2\{a696ab98-109a-11de-b30a-000f1fe1fe60}\Shell - "" = AutoRun
O33 - MountPoints2\{a696ab98-109a-11de-b30a-000f1fe1fe60}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a696ab98-109a-11de-b30a-000f1fe1fe60}\Shell\AutoRun\command - "" = E:\launcher.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/20 22:21:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/01/20 09:52:33 | 000,356,352 | ---- | C] (funkytoad.com) -- C:\Documents and Settings\Owner\Desktop\HostsXpert.exe
[2011/01/19 20:29:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\backups
[2011/01/19 10:13:08 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011/01/19 10:13:07 | 000,000,000 | ---D | C] -- C:\rsit
[2011/01/19 10:07:13 | 001,349,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\tdsskiller.exe
[2011/01/19 09:34:23 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2011/01/18 18:28:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/01/18 18:28:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/01/18 18:27:39 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/01/18 18:27:39 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/01/18 18:27:39 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/01/18 18:27:39 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/01/18 18:27:38 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/01/18 18:18:46 | 016,561,952 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Owner\Desktop\jre-6u23-windows-i586.exe
[2011/01/18 11:31:49 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Owner\Desktop\HijackThis.exe
[2011/01/17 13:21:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2011/01/17 13:21:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/01/17 13:21:14 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/01/17 13:21:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/01/17 13:21:08 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/01/17 13:21:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/01/13 12:40:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\RAAVMARCH11
[2011/01/10 09:39:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Open Air Cinema
[2011/01/06 12:06:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Projector Doctor
[2011/01/03 12:17:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\PriceGong
[2011/01/02 20:56:50 | 001,184,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wvc1dmod.dll
[2010/12/29 11:57:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\RAAVAPRIL11
[2010/12/27 08:38:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\RAAVSEPT11
[2010/12/27 08:38:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\RAAVAUG11
[2010/12/27 08:36:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\RAAVJUNE11
[2010/12/25 18:27:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2010/12/25 18:27:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2010/12/25 18:21:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Dell Inc
[2010/12/25 18:18:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\203E
[2010/12/25 18:17:55 | 000,802,820 | ---- | C] (NEC Corporation) -- C:\Documents and Settings\Owner\My Documents\NECND6500A_V203E.exe
[2010/12/25 18:13:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Deployment
[2010/12/24 16:22:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\uTorrentBar
[2008/12/22 07:10:50 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Owner\Application Data\pcouffin.sys
[13 C:\Documents and Settings\Owner\Desktop\*.tmp files -> C:\Documents and Settings\Owner\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/20 22:21:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/01/20 22:19:43 | 000,000,046 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HostsXpert.ini
[2011/01/20 22:15:00 | 000,000,442 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2011/01/20 15:50:12 | 000,659,456 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\RAAV11.mdb
[2011/01/20 14:23:52 | 000,009,662 | ---- | M] () -- C:\WINDOWS\EPISME00.SWB
[2011/01/20 09:06:59 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/01/20 09:01:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/19 20:36:14 | 000,010,621 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\hijackthis2
[2011/01/19 20:27:03 | 000,095,928 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\malwareremoval.JPG
[2011/01/19 20:25:33 | 000,000,880 | ---- | M] () -- C:\WINDOWS\HandySnap.INI
[2011/01/19 10:10:47 | 000,339,991 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\RSIT.exe
[2011/01/19 10:07:27 | 001,349,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\tdsskiller.exe
[2011/01/19 09:34:30 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2011/01/18 18:27:16 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/01/18 18:27:16 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/01/18 18:27:15 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/01/18 18:27:15 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/01/18 18:27:15 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/01/18 18:18:59 | 016,561,952 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Owner\Desktop\jre-6u23-windows-i586.exe
[2011/01/18 11:32:45 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Owner\Desktop\HijackThis.exe
[2011/01/18 11:15:51 | 000,719,873 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\rkill.exe
[2011/01/17 13:21:17 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/17 00:33:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version2.job
[2011/01/16 11:42:26 | 000,046,592 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/14 16:22:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/01/14 11:55:23 | 000,032,997 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\cream.JPG
[2011/01/09 15:31:36 | 000,001,044 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\vso_ts_preview.xml
[2011/01/06 20:25:19 | 000,659,456 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\RAAV10.mdb
[2011/01/04 13:08:40 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\PUTTY.RND
[2011/01/02 20:57:12 | 000,000,859 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ConvertXtoDVD 4.lnk
[2011/01/02 20:57:12 | 000,000,845 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\ConvertXtoDVD 4.lnk
[2010/12/28 10:11:59 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2010/12/26 10:50:28 | 000,001,943 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/12/26 10:49:52 | 000,436,602 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/12/26 10:49:52 | 000,068,828 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/12/26 10:49:36 | 000,000,057 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2010/12/25 18:17:18 | 000,357,724 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\203E.zip
[2010/12/25 17:43:20 | 000,000,754 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AnyDVD.lnk
[2010/12/23 10:41:50 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[13 C:\Documents and Settings\Owner\Desktop\*.tmp files -> C:\Documents and Settings\Owner\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/20 22:19:43 | 000,000,046 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HostsXpert.ini
[2011/01/19 20:36:14 | 000,010,621 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\hijackthis2
[2011/01/19 20:25:33 | 000,095,928 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\malwareremoval.JPG
[2011/01/19 10:10:42 | 000,339,991 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\RSIT.exe
[2011/01/18 11:15:46 | 000,719,873 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\rkill.exe
[2011/01/17 13:21:17 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/14 11:55:23 | 000,032,997 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\cream.JPG
[2011/01/02 20:57:12 | 000,000,859 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ConvertXtoDVD 4.lnk
[2011/01/02 20:57:12 | 000,000,845 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\ConvertXtoDVD 4.lnk
[2010/12/27 08:20:51 | 000,659,456 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\RAAV11.mdb
[2010/12/25 18:17:16 | 000,357,724 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\203E.zip
[2010/06/13 20:52:38 | 000,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
[2010/06/13 20:52:38 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini
[2010/06/13 12:04:31 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PI_setup.ini
[2010/06/13 11:55:13 | 000,000,204 | ---- | C] () -- C:\WINDOWS\EPSONRX600.ini
[2010/05/06 16:48:52 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/04/20 08:23:05 | 000,025,340 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Comma Separated Values (Windows).ADR
[2010/04/19 20:32:16 | 000,007,735 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Comma Separated Values (Windows).EML
[2010/04/19 12:49:14 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\xobni_installer_updater.log
[2010/02/26 12:17:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\wfxmacro.INI
[2009/10/22 08:45:12 | 002,014,268 | ---- | C] () -- C:\Program Files\FileZilla_3.2.8.1_win32-setup.exe
[2009/10/15 12:07:48 | 000,000,005 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameD.txt
[2009/03/15 09:34:09 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\monFDE.log
[2009/02/23 16:03:03 | 000,000,566 | ---- | C] () -- C:\WINDOWS\System32\SP7302.INI
[2009/01/19 11:34:20 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\PUTTY.RND
[2008/12/22 07:11:10 | 000,001,044 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\vso_ts_preview.xml
[2008/12/22 07:10:57 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.log
[2008/12/22 07:10:50 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\inst.exe
[2008/12/22 07:10:50 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.cat
[2008/12/22 07:10:50 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.inf
[2008/10/13 06:59:43 | 000,000,880 | ---- | C] () -- C:\WINDOWS\HandySnap.INI
[2008/10/01 13:35:53 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2008/09/29 08:30:48 | 000,001,084 | ---- | C] () -- C:\WINDOWS\DKAAP2DD.ini
[2008/09/18 07:06:59 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2008/09/17 23:05:05 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2008/09/17 21:55:59 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2008/09/17 21:55:58 | 000,000,350 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/09/17 20:10:54 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/09/17 20:10:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2008/09/17 17:30:40 | 000,046,592 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/17 17:14:20 | 000,000,034 | ---- | C] () -- C:\WINDOWS\AuthMgr.INI
[2008/09/17 11:32:42 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/08/06 18:22:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/16 22:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/16 22:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/03/13 14:46:46 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\zlib.dll
[1999/01/22 13:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2009/02/02 10:14:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM Toolbar
[2010/12/12 01:14:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2008/11/28 14:35:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2010/07/19 11:49:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CitrixLogs
[2009/05/25 11:56:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2010/01/25 13:39:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoldWave
[2010/12/15 13:27:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\mEbNb06302
[2009/05/22 10:24:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2008/10/01 13:40:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2010/12/25 23:22:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/02/02 10:14:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/09/17 17:11:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visual Networks
[2008/12/22 16:55:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2010/12/11 12:00:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/04/07 13:24:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/02/02 10:15:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\acccore
[2010/12/12 01:46:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Afkor
[2010/12/19 09:19:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Azureus
[2010/12/12 01:46:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Cayron
[2008/09/17 21:13:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2008/10/14 11:04:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\deskUNPDF
[2009/03/16 21:25:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DevelCor
[2009/05/23 07:20:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DriverCure
[2010/04/28 13:01:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Earthlink
[2009/02/16 10:15:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EPSON
[2011/01/19 17:59:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FileZilla
[2010/12/15 09:24:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Igpel
[2008/09/18 09:06:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ImgBurn
[2010/12/11 12:06:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Kicoin
[2008/09/17 21:41:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2010/05/06 16:48:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\My.Freeze.com NetAssistant
[2010/12/12 07:48:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Piyson
[2011/01/18 08:54:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PriceGong
[2010/02/12 14:59:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Qualcomm
[2010/06/13 21:30:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Smart Panel
[2009/06/02 11:41:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SPAMfighter
[2009/12/18 09:20:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Stamps.com Internet Postage
[2010/12/15 09:56:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ucfiq
[2009/12/04 14:25:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\UDC Profiles
[2009/04/07 14:44:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uniblue
[2011/01/18 09:02:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent
[2010/09/29 21:31:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Uzehqe
[2011/01/09 15:31:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Vso
[2008/10/30 16:52:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ypdour
[2011/01/20 09:06:59 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/01/20 22:15:00 | 000,000,442 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration.job
[2011/01/17 00:33:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Update Version2.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Program Files\SlySoft:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\My Documents\CyberLink:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\My Documents\AnyDVDHD:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\Desktop\VDPPROMO:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\Desktop\RAAVWEB:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\Desktop\faxsend:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\Desktop\DIXLOGO:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\Desktop\DIXIE:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\Desktop\CONTRACTS:Roxio EMC Stream
@Alternate Data Stream - 24 bytes -> C:\WINDOWS:1ED49CE6F6EF3009
@Alternate Data Stream - 150 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29

< End of report >
raecampus
Active Member
 
Posts: 9
Joined: January 18th, 2011, 12:05 pm

Re: flyingincognitoseep.com... im an idiot

Unread postby raecampus » January 21st, 2011, 9:33 am

Flying incognitosleep is back when I booted up this morn and opened Firefox. Received a warning and block from AVAST.
raecampus
Active Member
 
Posts: 9
Joined: January 18th, 2011, 12:05 pm

Re: flyingincognito.com browser..I'm an idot

Unread postby Bob4 » January 21st, 2011, 2:58 pm

Can you tell me what this computer is used for ?
User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 305 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware